General
-
Target
file
-
Size
1.3MB
-
Sample
210624-dx5l4msjee
-
MD5
d1faac2c31205b310f8d189f12716a99
-
SHA1
74dec0c267e39b48b3832fd8f47a729e7396a41c
-
SHA256
f28a5799a09b0c08a171c850e770d0ad4d81b5b70ed589ddea12a7c616405301
-
SHA512
f6a8bc6f01dc4cbe59dd7a47ded1ac3bda255476b2621d97ee3614d4b1d09f3804b26146da72fe2785d7f44ac8d93d2c6993df5944db53f42ac1a430cb26a7b1
Static task
static1
Behavioral task
behavioral1
Sample
file.doc
Resource
win7v20210410
Behavioral task
behavioral2
Sample
file.doc
Resource
win10v20210408
Malware Config
Extracted
hancitor
2306_vensip
http://extilivelly.com/8/forum.php
http://cludimetifte.ru/8/forum.php
http://sakincesed.ru/8/forum.php
Targets
-
-
Target
file
-
Size
1.3MB
-
MD5
d1faac2c31205b310f8d189f12716a99
-
SHA1
74dec0c267e39b48b3832fd8f47a729e7396a41c
-
SHA256
f28a5799a09b0c08a171c850e770d0ad4d81b5b70ed589ddea12a7c616405301
-
SHA512
f6a8bc6f01dc4cbe59dd7a47ded1ac3bda255476b2621d97ee3614d4b1d09f3804b26146da72fe2785d7f44ac8d93d2c6993df5944db53f42ac1a430cb26a7b1
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-